Claimed Zero Day exploit in Samba.
michael.s.gilbert at gmail.com
Fri Feb 5 13:09:06 MST 2010
Jeremy Allison wrote:
> As an example, given a share definition:
> path = /tmp
> read only = no
> guest ok = yes
> The administrator could add a symlink:
> $ ln -s /etc/passwd /tmp/passwd
> and SMB/CIFS clients would then see a file called "passwd"
> within the [tmp] share that could be read and would allow
> clients to read /etc/passwd.
> All future versions of Samba will have the parameter
> "wide links" set to "no" by default, and the manual
> pages will be updated to explain this issue.
while more secure (hardened) defaults are good, wouldn't it be more
effective to tackle the root cause of the problem? i.e. on the samba
server side, detect attempts by remote users to create symlinks to
targets outside of their authorized shares and prevent that.
More information about the samba-technical